Difference between revisions of "Data types"
Jump to navigation
Jump to search
(Moved nft describe section to top.) |
(Grouped data types into categories.) |
||
| Line 25: | Line 25: | ||
= List of data types = | = List of data types = | ||
== Date and time types == | |||
{| class="wikitable" | {| class="wikitable" | ||
!colspan="4"| | !colspan="4"|Date and time types | ||
|- style="vertical-align:bottom;" | |- style="vertical-align:bottom;" | ||
! Data Type | ! Data Type | ||
| Line 50: | Line 50: | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | hour | ||
| | | Hour of day of packet reception (32 bit integer). | ||
| [[Matching_packet_metainformation|''meta | Specify as string in 24-hour format, hh:mm[:ss]. | ||
| [[Matching_packet_metainformation|''meta hour'']] | |||
| Seconds are optional: ''17:00'' = ''17:00:00''. | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | time | ||
| | | Relative time of packet reception (64 bit integer). | ||
| | | [[Matching_packet_metainformation |''meta time'']] | ||
| Can be specified as a date in ISO format, i.e. "2019-06-06 17:00". Hour and seconds are optional and can be omitted if desired. If omitted, midnight will be assumed. The following three are equivalent: "2019-06-06" = "2019-06-06 00:00" = "2019-06-06 00:00:00". | |||
When an integer is specified, it is assumed to be a UNIX timestamp. | |||
|} | |||
== Network interface types == | |||
|- style="vertical-align: | {| class="wikitable" | ||
!colspan="4"|Network interface types | |||
| | |- style="vertical-align:bottom;" | ||
! Data Type | |||
| | ! style="text-align:left;" | Description | ||
! style="text-align:left;" | ''nft'' Expressions | |||
! style="text-align:left;" | Notes | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | devgroup | ||
| | | Device group (32 bit integer). | ||
| [[Matching_packet_metainformation|''meta'' {''iifgroup'' | ''oifgroup''}]] | |||
| [[Matching_packet_metainformation|''meta | | Can be specified numerically or as symbolic name defined in /etc/iproute2/group. | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| Line 120: | Line 115: | ||
| Does not have to exist. | | Does not have to exist. | ||
Slower than iface_index but good for interfaces that can dynamically appear / disappear. | Slower than iface_index but good for interfaces that can dynamically appear / disappear. | ||
|} | |||
== Ethernet types == | |||
{| class="wikitable" | |||
!colspan="4"|Ethernet types | |||
|- style="vertical-align:bottom;" | |||
! Data Type | |||
! style="text-align:left;" | Description | |||
! style="text-align:left;" | ''nft'' Expressions | |||
! style="text-align:left;" | Notes | |||
|- style="vertical-align:top;" | |||
| ether_addr | |||
| Ethernet address (48 bit integer). | |||
| | |||
* [[Matching_packet_header_fields#Matching_Ethernet_header_fields|''ether'' {''saddr'' | ''daddr''}]] | |||
* ''arp'' {''saddr'' | ''daddr''} ''ether'' | |||
| | |||
|- style="vertical-align:top;" | |||
| ether_type | |||
| [https://en.wikipedia.org/wiki/EtherType EtherType] (16 bit integer, with pre-defined symbolic constants): | |||
* ''arp'' | |||
* ''ip'' | |||
* ''ip6'' | |||
* ''vlan'' | |||
| [[Matching_packet_metainformation|''meta protocol'']] | |||
| [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/if_ether.h ether.h] has known types. | |||
NOTE that ether.h lists EtherTypes in [https://en.wikipedia.org/wiki/Endianness#Networking network order], while nft uses little-endian order on x86. (Check output of ''nft describe ether_type''.) | |||
|} | |||
== IP types == | |||
{| class="wikitable" | |||
!colspan="4"|IP types | |||
|- style="vertical-align:bottom;" | |||
! Data Type | |||
! style="text-align:left;" | Description | |||
! style="text-align:left;" | ''nft'' Expressions | |||
! style="text-align:left;" | Notes | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| Line 173: | Line 213: | ||
* ''ipsec'' {''in'' | ''out''} ''ip6'' {''saddr'' | ''daddr''} | * ''ipsec'' {''in'' | ''out''} ''ip6'' {''saddr'' | ''daddr''} | ||
| | | | ||
|} | |||
== Other types == | |||
{| class="wikitable" | |||
!colspan="4"|Other types | |||
|- style="vertical-align:bottom;" | |||
! Data Type | |||
! style="text-align:left;" | Description | |||
! style="text-align:left;" | ''nft'' Expressions | |||
! style="text-align:left;" | Notes | |||
|- style="vertical-align:top;" | |||
| gid | |||
| Group ID (32 bit integer). | |||
| [[Matching_packet_metainformation |''meta skgid'']] | |||
| Can be specified numerically or as group name. | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| Line 204: | Line 263: | ||
<li>[http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH07.web.html policyrouting.org] | <li>[http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH07.web.html policyrouting.org] | ||
</ul> | </ul> | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
Revision as of 12:12, 10 April 2021
nft describe
You can use nft describe to get information about a data type, to find out the data type of a particular selector, and to list predefined symbolic constants for that selector. Some examples:
% nft describe iif
meta expression, datatype iface_index (network interface index) (basetype integer), 32 bits
% nft describe iifname
meta expression, datatype ifname (network interface name) (basetype string), 16 characters
% nft describe tcp flags
payload expression, datatype tcp_flag (TCP flag) (basetype bitmask, integer), 8 bits
pre-defined symbolic constants (in hexadecimal):
fin 0x01
syn 0x02
rst 0x04
psh 0x08
ack 0x10
urg 0x20
ecn 0x40
cwr 0x80
List of data types
Date and time types
| Date and time types | |||
|---|---|---|---|
| Data Type | Description | nft Expressions | Notes |
| day | Day of week of packet reception (8 bit integer, with pre-defined symbolic constants):
|
meta day | Sunday = 0, Saturday = 6.
Symbolic constants are case insensitive, and unique abbreviations are accepted: Sun = sun = Sunday = 0. |
| hour | Hour of day of packet reception (32 bit integer).
Specify as string in 24-hour format, hh:mm[:ss]. |
meta hour | Seconds are optional: 17:00 = 17:00:00. |
| time | Relative time of packet reception (64 bit integer). | meta time | Can be specified as a date in ISO format, i.e. "2019-06-06 17:00". Hour and seconds are optional and can be omitted if desired. If omitted, midnight will be assumed. The following three are equivalent: "2019-06-06" = "2019-06-06 00:00" = "2019-06-06 00:00:00".
When an integer is specified, it is assumed to be a UNIX timestamp. |
Network interface types
| Network interface types | |||
|---|---|---|---|
| Data Type | Description | nft Expressions | Notes |
| devgroup | Device group (32 bit integer). | meta {iifgroup | oifgroup} | Can be specified numerically or as symbolic name defined in /etc/iproute2/group. |
| iface_index | Interface index (32 bit integer). | meta {iif | oif} | Can be specified numerically or as name of an existing interface.
Use ifname instead for interfaces whose name and/or index can change (i.e. those that appear / disappear dynamically). |
| iface_type | Interface type (16 bit integer, with pre-defined symbolic constants):
|
meta {iiftype | oiftype} | |
| ifkind | Interface kind name (16 byte string). | meta {iifkind | oifkind} | dev->rtnl_link_ops->kind
The man 8 ip-link TYPES section lists valid ifkinds. It's missing at least one: tun. |
| ifname | Interface name (16 byte string). | meta {iifname | oifname} | Does not have to exist.
Slower than iface_index but good for interfaces that can dynamically appear / disappear. |
Ethernet types
| Ethernet types | |||
|---|---|---|---|
| Data Type | Description | nft Expressions | Notes |
| ether_addr | Ethernet address (48 bit integer). |
|
|
| ether_type | EtherType (16 bit integer, with pre-defined symbolic constants):
|
meta protocol | ether.h has known types.
NOTE that ether.h lists EtherTypes in network order, while nft uses little-endian order on x86. (Check output of nft describe ether_type.) |
IP types
| IP types | |||
|---|---|---|---|
| Data Type | Description | nft Expressions | Notes |
| inet_proto | Internet protocol (8 bit integer, with pre-defined symbolic constants):
|
|
in.h has known types. |
| inet_service | Network service port number (16 bit integer). | ||
| ipv4_addr | IPv4 address (32 bit integer). |
|
|
| ipv6_addr | IPv6 address (128 bit integer). |
|
|
Other types
| Other types | |||
|---|---|---|---|
| Data Type | Description | nft Expressions | Notes |
| gid | Group ID (32 bit integer). | meta skgid | Can be specified numerically or as group name. |
| mark | Packet mark (32 bit integer). | ||
| pkt_type | Packet type (8 bit integer, with pre-defined symbolic constants):
|
meta pkttype | |
| realm | Routing Realm (32 bit integer). | meta rtclassid | Can be specified numerically or as symbolic name defined in /etc/iproute2/rt_realms.
Routing realm references: |
| uid | User ID (32 bit integer). | meta skuid | Can be specified numerically or as user name. |